Abstract: A method for execution by a computing device of a storage network includes dispersed storage error decoding a plurality of sets of encoded data slices to recover a plurality of secure packages, where the plurality of secure packages include a plurality of encrypted data segments and a plurality of sets of encoded key slices, and where encoded key slices are appended to the encrypted data segments in accordance with an appending approach. The method includes splitting the plurality of secure packages into the plurality of encrypted data segments and the plurality of sets of encoded key slices. The method includes decoding the at least the decode threshold number of each set of the plurality of sets of encoded key slices to recover a plurality of encryption keys. The method includes decrypting the plurality of encrypted data segments using the plurality of encryption keys to recover the data segments.

Abstract: An authentication system includes an authenticator that receives an authentication request from a device and receives sensor data from one or more sensors, the sensor data being indicative of interaction with one or more real world objects or with a displayed authentication image. The authenticator determines that the sensor data is indicative of an authorized interaction with the one or more real world objects or with the displayed authentication image and, in response to the determination, grants the authentication request.

Abstract: Techniques for securing control and user plane separation in mobile networks (e.g., service provider networks for mobile subscribers, such as for 4G/5G networks) are disclosed. In some embodiments, a system/process/computer program product for securing control and user plane separation in mobile networks in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an Packet Forwarding Control Protocol (PFCP) message associated with a new session, in which the mobile network includes a 4G network or a 5G network; extracting a plurality of parameters from the PFCP message at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network.

Abstract: An apparatus may comprise an electronic circuit configured to perform one or more functions or operations, and a memory associated with the electronic circuit. The memory stores a customer-side circuit identification (ID) comprising watermark value combined with a pseudo-random number that is generated as a function of a seed value, wherein the seed value is based on a timestamp generated by computer. An external interface may be coupled to the memory, wherein the external interface provides read-access to the customer-side circuit ID.

Abstract: A computing system for enabling the analysis of multiple raw data sets whilst protecting the privacy of information within the raw data sets, the system comprising a plurality of synthetic data generators and a data hub. Each synthetic data generator is configured to: access a corresponding raw data set stored in a corresponding one of a plurality of raw data stores; produce, based on the corresponding raw data set, a synthetic data generator model configured to generate a synthetic data set representative of the corresponding raw data set; and push synthetic information including at least one of the corresponding synthetic data set and the synthetic data generator model to the data hub. The data hub is configured to store the synthetic information received from the synthetic data generators for access by one or more clients for analysis.

Abstract: An attack countermeasure determination includes a domain name input unit that receives any domain name as input, and acquires setting information corresponding to the domain name, registration information corresponding to the domain name, and external information corresponding to an internet protocol (IP) address corresponding to the domain name, as feature information on the domain name, an attack countermeasure determination unit that specifies a pre-designated category for the domain name on the basis of the feature information and determines, in a stepwise manner, an attack countermeasure against the domain name in accordance with the specified category, and an attack countermeasure information output unit that outputs attack countermeasure information corresponding to the attack countermeasure.

Abstract: The present disclosure provides a method, a control terminal and a system for assisting a device to access a network. The method includes: receiving auxiliary distribution network information which is used to assist a device to access the network, filling the received auxiliary distribution network information into a probe request frame, and sending the probe request frame which carries the auxiliary distribution network information in a wifi broadcast packet, so that, after monitoring the wifi broadcast packet, the device accesses a corresponding wireless router by using the auxiliary distribution network information carried by the probe request frame in the wifi broadcast packet.

Abstract: An example operation may include one or more of connecting, by a recipient node, to a source node via a blockchain network, receiving, by the recipient node, a data block, a digest of the data block encrypted by a private key of the source node, a public key paired to the private key and an IP address of the source node, calculating, by the recipient node, a digest of the data block, decrypting, by the recipient node, the digest of the data block by the public key, comparing, by the recipient node, the decrypted digest against the digest, and in response to a match, storing the encrypted digest, the public key and the IP address of the source node onto a ledger of the recipient node.

Abstract: Systems, apparatuses and methods may provide for a memory apparatus that includes a client-side address space dedicated to an accessor of obfuscated multi-tenant data, wherein an executable view generation library is stored to the client-side address space. In one example, the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data.

Abstract: An embodiment of this application provides a communications method. The method includes: generating, by an first base station, a radio resource control release message on which encryption and integrity protection are performed by using a new key; and sending, by the first base station, the radio resource control release message to a second base station, thereby improving security of communication between the serving device and the terminal and reducing signaling overheads for performing key negotiation over an air interface.

Abstract: The present disclosure relates to generating a passphrase for an encrypted volume by at least cryptographically combing the first cryptographic key and the shared secret. Where the shared secret is split into a plurality of shares and a first number of the plurality of shares is greater than a second number of the plurality of shares and the second number of the plurality of shares is required to reconstruct the shared secret.

Abstract: A network device decrypts a record, received from a client device, that is associated with an encrypted session between the client device and an application platform. The network device incorporates decrypted record data, from the decrypted record, into a payload field of a transmission control protocol (TCP) packet to be transmitted to another device, identifies a record header in the record, and determines, based on the record header, a record type associated with the decrypted record. Based on the record type, the network device marks the one or more TCP packets as including urgent data by setting a TCP urgent control bit in a header of the one or more TCP packets, and sets a second field, in the header of the TCP packet, to a second value that identifies an end of the urgent data, which corresponds to an end of the decrypted record data in the payload field.

Abstract: A configuration of a cloud application exposed via a public IP address is duplicated with modifications to include a private IP address to expose the application internally. The original configuration is updated so that external network traffic sent to the application is redirected to and distributed across agents running on nodes of a cloud cluster by which web application firewalls (WAFs) are implemented. A set of agents for which the respective WAFs should inspect the redirected network traffic are selected based on cluster metrics, such as network and resource utilization metrics. The redirected network traffic targets a port allocated to the agents that is unique to the application, where ports are allocated on a per-application basis so each of the agents can support WAF protection for multiple applications. Network traffic which a WAF allows to pass is directed from the agent to the application via its private IP address.

Abstract: A mechanism of authenticating a communication device onto a radio access network via a private wireless gateway is described. This includes communicating with a communication device via a first wireless interface authentication information, a preferred roaming list (PRL), and an initial access value are obtained from the communication device. A first expected access value is determined based on rolling code data and a secret function. The PRL is authenticated when the first expected access value matches the initial access value. The communication device is proxied onto a radio access network via a second wireless interface. The proxying includes providing the authentication information and the PRL to a cell site attached to the radio access network.

Abstract: A transaction data processing method includes: receiving a first transaction document from a device of a transaction initiator, the first transaction document being associated with identity labels of a plurality of transaction participants; separately performing identity authentication on the plurality of transaction participants according to the identity labels of the plurality of transaction participants, to obtain an identity authentication result.

Abstract: A programmable logic device verifies that configuration data permissibly programs the programmable logic device. The programmable logic device includes a programmable fabric having partitions to be programmed by the configuration data, a secure device manager that may generate masks based on the configuration data, and a local sector manager. The masks determine that the configuration data is configured to permissibly program the permitted partitions or that the permitted partitions have been permissibly programmed. The local sector manager applies the masks to generate an interleaved result, compares the interleaved result to an expected result, and sends an indication that the configuration data is configured to permissibly program the permitted partitions or permissibly programmed the permitted partitions in response to determining that the interleaved result is the expected result, or sends an alert to stop programming in response to determining that the interleaved result is not the expected result.

Abstract: A method of tracking phishing activity is disclosed. A request to download a webpage hosted as part of a legitimate website on a server is initiated. The request includes identification data pertaining to at least one user computing device. The identification data is extracted from the request. A unique identifier corresponding to the extracted identification data is generated. Fingerprint data is generated using at least a subset of the extracted identification data. The unique identifier, the extracted identification data and the fingerprint data is stored. The fingerprint data is encoded into a program and/or data associated with the webpage to generate a modified webpage. The modified webpage is transmitted from the server to the user computing device in response to the request.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: A client application manages a resolver configuration and sends DNS requests to a threat protection service when a mobile device operating the client application is operating off-network. The client application detects network conditions and automatically configures an appropriate system-wide DNS resolution setting. DNS requests from the client identify the customer and the device to threat protection (TP) service resolvers without introducing a publicly-visible customer or device identifier. The TP system applies the correct policy to DNS requests coming from off-network clients. In particular, the TP resolver recognizes the customer for requests coming from such clients and applies the customer's policy. The resolver is also configured to log the customer and the device associated with requests from the TP off-net client. Request logs from the TP resolver are provided to a cloud security intelligence platform for threat intelligence analytics and customer visible reporting.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to recognize a user input field of a web site displayable in a browser, the website identified as a security risk based on a whitelist of website addresses; determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk; and prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the password by the web site. The determination may be performed in response to a count of characters in the sequence of characters exceeding a threshold.